[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 16.784106] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 20.950996] random: sshd: uninitialized urandom read (32 bytes read)
[ 21.409600] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.194353] random: sshd: uninitialized urandom read (32 bytes read)
[ 644.652270] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
[ 650.107081] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 861.151210] INFO: task syz-executor633:4471 blocked for more than 140 seconds.
[ 861.158676] Not tainted 4.18.0-rc5-next-20180717+ #9
[ 861.164329] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 861.172311] syz-executor633 D23616 4471 4468 0x00000004
[ 861.177973] Call Trace:
[ 861.180560] __schedule+0x87c/0x1ea0
[ 861.184291] ? __sched_text_start+0x8/0x8
[ 861.188460] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.193075] ? kasan_check_write+0x14/0x20
[ 861.197326] ? do_raw_spin_lock+0xc1/0x200
[ 861.201584] ? trace_hardirqs_on+0xd/0x10
[ 861.205756] ? prepare_to_wait_event+0x396/0xc70
[ 861.210547] ? prepare_to_wait_exclusive+0x550/0x550
[ 861.215669] ? send_sigio+0x340/0x340
[ 861.219489] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.223910] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.228511] schedule+0xfb/0x450
[ 861.231895] ? lock_downgrade+0x8f0/0x8f0
[ 861.236074] ? __schedule+0x1ea0/0x1ea0
[ 861.240061] ? check_same_owner+0x340/0x340
[ 861.244490] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.248915] ? replenish_dl_entity.cold.54+0x37/0x37
[ 861.254054] request_wait_answer+0x4c8/0x920
[ 861.258481] ? fuse_read_forget.isra.22+0xdc0/0xdc0
[ 861.263527] ? finish_wait+0x430/0x430
[ 861.267428] ? send_sigio+0x340/0x340
[ 861.271265] ? lock_acquire+0x1e4/0x540
[ 861.275256] ? finish_wait+0x430/0x430
[ 861.279188] ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 861.284687] ? finish_wait+0x430/0x430
[ 861.288610] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.293481] ? fuse_dev_ioctl+0x430/0x430
[ 861.297657] ? kasan_check_write+0x14/0x20
[ 861.301906] ? do_raw_spin_lock+0xc1/0x200
[ 861.306169] __fuse_request_send+0x12a/0x1d0
[ 861.310596] fuse_request_send+0x62/0xa0
[ 861.314693] fuse_simple_request+0x33d/0x730
[ 861.319124] fuse_lookup_name+0x3ee/0x830
[ 861.323291] ? fuse_valid_type+0xb0/0xb0
[ 861.327371] fuse_lookup+0xf9/0x4c0
[ 861.331024] ? fuse_lookup_name+0x830/0x830
[ 861.335447] ? lock_acquire+0x1e4/0x540
[ 861.339446] ? __lockdep_init_map+0x105/0x590
[ 861.343972] __lookup_slow+0x2b5/0x540
[ 861.347882] ? vfs_unlink+0x510/0x510
[ 861.351707] ? down_read+0xb5/0x1d0
[ 861.355361] ? lookup_slow+0x49/0x80
[ 861.359086] ? __down_interruptible+0x700/0x700
[ 861.363785] ? lookup_fast+0x470/0x12a0
[ 861.367783] ? __follow_mount_rcu.isra.36.part.37+0x890/0x890
[ 861.373731] lookup_slow+0x57/0x80
[ 861.377316] walk_component+0x94a/0x2630
[ 861.381427] ? inode_permission+0xb2/0x560
[ 861.385703] ? path_init+0x2340/0x2340
[ 861.389626] ? walk_component+0x2630/0x2630
[ 861.393991] ? save_stack+0xa9/0xd0
[ 861.397643] ? save_stack+0x43/0xd0
[ 861.401293] ? kmem_cache_alloc+0x12e/0x760
[ 861.405649] ? getname_flags+0xd0/0x5a0
[ 861.409652] ? user_path_at_empty+0x2d/0x50
[ 861.414006] ? vfs_statx+0x129/0x210
[ 861.417755] path_lookupat.isra.45+0x202/0xbf0
[ 861.422382] ? kasan_check_read+0x11/0x20
[ 861.426561] ? path_parentat.isra.43+0x160/0x160
[ 861.431345] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 861.436555] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 861.441602] ? __check_object_size+0xa3/0x5d7
[ 861.446127] ? usercopy_warn+0x120/0x120
[ 861.450213] ? kasan_check_read+0x11/0x20
[ 861.454381] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.458817] filename_lookup+0x264/0x510
[ 861.462910] ? filename_parentat.isra.58+0x570/0x570
[ 861.468055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 861.473618] ? mpi_free.cold.1+0x19/0x19
[ 861.477710] ? kfree+0xd9/0x260
[ 861.481013] ? do_syscall_64+0x1b9/0x820
[ 861.485141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 861.490730] ? getname_flags+0x26e/0x5a0
[ 861.494832] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.499282] user_path_at_empty+0x40/0x50
[ 861.503451] vfs_statx+0x129/0x210
[ 861.507011] ? vfs_statx_fd+0xc0/0xc0
[ 861.510835] ? debug_check_no_obj_freed+0x30b/0x595
[ 861.515880] ? kasan_kmalloc+0xc4/0xe0
[ 861.519784] __do_sys_newstat+0x8f/0x110
[ 861.523883] ? cp_new_stat+0xa50/0xa50
[ 861.527884] ? __x64_sys_futex+0x47f/0x6a0
[ 861.532146] ? do_futex+0x27d0/0x27d0
[ 861.535964] ? trace_hardirqs_on+0xd/0x10
[ 861.540146] ? ksys_mount+0xa8/0x140
[ 861.543887] __x64_sys_newstat+0x54/0x80
[ 861.547976] do_syscall_64+0x1b9/0x820
[ 861.551901] ? finish_task_switch+0x1d3/0x870
[ 861.556422] ? syscall_return_slowpath+0x5e0/0x5e0
[ 861.561372] ? syscall_return_slowpath+0x31d/0x5e0
[ 861.566323] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 861.571354] ? prepare_exit_to_usermode+0x291/0x3b0
[ 861.576398] ? perf_trace_sys_enter+0xb10/0xb10
[ 861.581095] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 861.585975] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 861.591209] RIP: 0033:0x445869
[ 861.594413] Code: Bad RIP value.
[ 861.597810] RSP: 002b:00007f32245bcda8 EFLAGS: 00000297 ORIG_RAX: 0000000000000004
[ 861.605553] RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445869
[ 861.612851] RDX: 0000000000445869 RSI: 0000000020000480 RDI: 00000000200000c0
[ 861.620170] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 861.627519] R10: 0000000000000000 R11: 0000000000000297 R12: 0030656c69662f2e
[ 861.634842] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[ 861.642147] INFO: task syz-executor633:4472 blocked for more than 140 seconds.
[ 861.649529] Not tainted 4.18.0-rc5-next-20180717+ #9
[ 861.655161] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 861.663170] syz-executor633 D24800 4472 4468 0x00000004
[ 861.668839] Call Trace:
[ 861.671467] __schedule+0x87c/0x1ea0
[ 861.675207] ? __sched_text_start+0x8/0x8
[ 861.679391] ? trace_hardirqs_on+0x10/0x10
[ 861.683643] schedule+0xfb/0x450
[ 861.687033] ? lock_downgrade+0x8f0/0x8f0
[ 861.691195] ? __schedule+0x1ea0/0x1ea0
[ 861.695291] ? kasan_check_read+0x11/0x20
[ 861.699465] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.703895] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.708514] ? kasan_check_write+0x14/0x20
[ 861.712776] ? do_raw_spin_lock+0xc1/0x200
[ 861.717469] __rwsem_down_write_failed_common+0x95d/0x1630
[ 861.724087] ? rwsem_spin_on_owner+0xa40/0xa40
[ 861.728709] ? trace_hardirqs_on+0x10/0x10
[ 861.732973] ? bpf_prog_kallsyms_find+0xde/0x4c0
[ 861.737768] ? trace_hardirqs_on+0x10/0x10
[ 861.742049] ? lock_acquire+0x1e4/0x540
[ 861.746042] ? is_bpf_text_address+0xae/0x170
[ 861.750568] ? trace_hardirqs_on+0x10/0x10
[ 861.754834] ? lock_acquire+0x1e4/0x540
[ 861.758849] ? depot_save_stack+0x291/0x470
[ 861.763217] ? lock_downgrade+0x8f0/0x8f0
[ 861.767415] ? kasan_check_read+0x11/0x20
[ 861.771591] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.776195] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.780813] ? kasan_check_write+0x14/0x20
[ 861.785071] ? do_raw_spin_lock+0xc1/0x200
[ 861.789326] ? trace_hardirqs_on+0xd/0x10
[ 861.793500] ? depot_save_stack+0x291/0x470
[ 861.797851] ? save_stack+0xa9/0xd0
[ 861.801495] ? lock_acquire+0x1e4/0x540
[ 861.805493] ? find_inode.isra.20+0x188/0x1d0
[ 861.810027] ? lock_downgrade+0x8f0/0x8f0
[ 861.814189] ? lock_acquire+0x1e4/0x540
[ 861.818187] ? fuse_reverse_inval_entry+0xae/0x6d0
[ 861.823133] ? do_raw_spin_unlock+0xa7/0x2f0
[ 861.827559] ? lock_release+0xa30/0xa30
[ 861.831546] ? check_same_owner+0x340/0x340
[ 861.835888] ? kasan_check_read+0x11/0x20
[ 861.840053] rwsem_down_write_failed+0xe/0x10
[ 861.844571] ? rwsem_down_write_failed+0xe/0x10
[ 861.849259] call_rwsem_down_write_failed+0x17/0x30
[ 861.854298] down_write+0xaa/0x130
[ 861.857852] ? fuse_reverse_inval_entry+0xae/0x6d0
[ 861.862816] ? down_read+0x1d0/0x1d0
[ 861.866571] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 861.872158] ? ilookup5+0x103/0x140
[ 861.875830] ? fuse_init_file_inode+0x70/0x70
[ 861.880355] fuse_reverse_inval_entry+0xae/0x6d0
[ 861.885140] ? fuse_update_attributes+0xd0/0xd0
[ 861.889929] fuse_dev_do_write+0x2d47/0x36f0
[ 861.894368] ? fuse_dev_read+0x250/0x250
[ 861.898462] ? trace_hardirqs_on+0x10/0x10
[ 861.902741] ? lock_acquire+0x1e4/0x540
[ 861.906772] ? __fget+0x4ac/0x740
[ 861.910254] ? lock_downgrade+0x8f0/0x8f0
[ 861.914426] ? lock_release+0xa30/0xa30
[ 861.918423] ? __fget+0x4d5/0x740
[ 861.921906] ? memset+0x31/0x40
[ 861.925213] fuse_dev_write+0x19a/0x240
[ 861.929205] ? fuse_dev_splice_write+0xe60/0xe60
[ 861.933989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 861.939554] ? iov_iter_init+0xc9/0x1f0
[ 861.943562] __vfs_write+0x6af/0x9d0
[ 861.947294] ? kernel_read+0x120/0x120
[ 861.951208] ? rw_verify_area+0x118/0x360
[ 861.955373] vfs_write+0x1fc/0x560
[ 861.958918] ksys_write+0x101/0x260
[ 861.962566] ? __ia32_sys_read+0xb0/0xb0
[ 861.966643] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 861.971245] __x64_sys_write+0x73/0xb0
[ 861.975153] do_syscall_64+0x1b9/0x820
[ 861.979065] ? syscall_return_slowpath+0x5e0/0x5e0
[ 861.984030] ? syscall_return_slowpath+0x31d/0x5e0
[ 861.988974] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 861.994031] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 861.998904] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 862.004114] RIP: 0033:0x445869
[ 862.007321] Code: Bad RIP value.
[ 862.010703] RSP: 002b:00007f322459bda8 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 862.018441] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445869
[ 862.025735] RDX: 0000000000000033 RSI: 0000000020000280 RDI: 0000000000000003
[ 862.033040] RBP: 00000000006dac38 R08: 00007f322459c700 R09: 0000000000000000
[ 862.040317] R10: 00007f322459c700 R11: 0000000000000293 R12: 0030656c69662f2e
[ 862.047622] R13: 7375662f7665642f R14: 2f30656c69662f2e R15: 0000000000000001
[ 862.054926] INFO: lockdep is turned off.
[ 862.059020] NMI backtrace for cpu 0
[ 862.062682] CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5-next-20180717+ #9
[ 862.070642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 862.079986] Call Trace:
[ 862.082561] dump_stack+0x1c9/0x2b4
[ 862.086169] ? dump_stack_print_info.cold.2+0x52/0x52
[ 862.091346] ? vprintk_default+0x28/0x30
[ 862.095396] ? lapic_can_unplug_cpu.cold.28+0x3f/0x3f
[ 862.100574] nmi_cpu_backtrace.cold.3+0x48/0x88
[ 862.105333] ? lapic_can_unplug_cpu.cold.28+0x3f/0x3f
[ 862.110504] nmi_trigger_cpumask_backtrace+0x151/0x192
[ 862.115757] arch_trigger_cpumask_backtrace+0x14/0x20
[ 862.120926] watchdog+0xb39/0x10b0
[ 862.124446] ? reset_hung_task_detector+0xd0/0xd0
[ 862.129270] ? kasan_check_read+0x11/0x20
[ 862.133403] ? do_raw_spin_unlock+0xa7/0x2f0
[ 862.137806] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 862.142891] ? __kthread_parkme+0x58/0x1b0
[ 862.147106] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 862.152101] ? trace_hardirqs_on+0xd/0x10
[ 862.156230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 862.161744] ? __kthread_parkme+0x106/0x1b0
[ 862.166045] kthread+0x345/0x410
[ 862.169397] ? reset_hung_task_detector+0xd0/0xd0
[ 862.174212] ? kthread_bind+0x40/0x40
[ 862.178000] ret_from_fork+0x3a/0x50
[ 862.181757] Sending NMI from CPU 0 to CPUs 1:
[ 862.186328] NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10
[ 862.187282] Kernel panic - not syncing: hung_task: blocked tasks
[ 862.200025] CPU: 0 PID: 901 Comm: khungtaskd Not tainted 4.18.0-rc5-next-20180717+ #9
[ 862.207972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 862.217305] Call Trace:
[ 862.219895] dump_stack+0x1c9/0x2b4
[ 862.223511] ? dump_stack_print_info.cold.2+0x52/0x52
[ 862.228698] ? printk_safe_log_store+0x2f0/0x2f0
[ 862.233521] panic+0x238/0x4e7
[ 862.236696] ? add_taint.cold.5+0x16/0x16
[ 862.240828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 862.246345] ? nmi_trigger_cpumask_backtrace+0x13a/0x192
[ 862.251770] ? printk_safe_flush+0xd7/0x130
[ 862.256072] watchdog+0xb4a/0x10b0
[ 862.259594] ? reset_hung_task_detector+0xd0/0xd0
[ 862.264421] ? kasan_check_read+0x11/0x20
[ 862.268552] ? do_raw_spin_unlock+0xa7/0x2f0
[ 862.272944] ? _raw_spin_unlock_irqrestore+0x74/0xc0
[ 862.278031] ? __kthread_parkme+0x58/0x1b0
[ 862.282250] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 862.287251] ? trace_hardirqs_on+0xd/0x10
[ 862.291380] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 862.296901] ? __kthread_parkme+0x106/0x1b0
[ 862.301276] kthread+0x345/0x410
[ 862.304640] ? reset_hung_task_detector+0xd0/0xd0
[ 862.309476] ? kthread_bind+0x40/0x40
[ 862.313268] ret_from_fork+0x3a/0x50
[ 862.317384] Dumping ftrace buffer:
[ 862.321339] (ftrace buffer empty)
[ 862.325041] Kernel Offset: disabled
[ 862.328654] Rebooting in 86400 seconds..